On Sat, Mar 31, 2007 at 04:23:44PM +0200, alex handle wrote:
> On 3/30/07, Robert Felber <[EMAIL PROTECTED]> wrote:
> >
> > Hello,
> >
> > I'm interested in statistics from other users of mails on a per client
> > basis
> > which got filtered out more than one time.
> >
> > I want to evaluate whether it is worth the work to implement a policy
> > notifier which is able to to send configurable strings to a socket or
> > command (example: building temporary realtime blacklists in order to avoid
> > floods; my intention: integration with policyd-weight, which already has
> > a temporary cache mechanism).
> >
> > For this to work it would be necessary to have the smtp client send
> > XFORWARD
> > to amavis.
> >
> > A temp block should always be build out of 'sender'-'ip'. Yet it should
> > still be possible to save the user from temp-blocking mailinglists (etc)
> > to
> > which a virus|spam was sent (this MUST work without additional
> > configuration).
> >
> > If the statistics would show, that there is no need for such thing I could
> > save some coffee.
> >
>
> The fastmail.fm guys tried something similar with little success.
> Regreylisting based on the feedback from the spam scoring system.
>
> http://blog.fastmail.fm/?p=572
>
> I think the idea would be nice for the outgoing servers of ISPs to
> automatically block zombie PCs and not getting on a blacklist (spamcop
> spamtraps!).
Well, the idea is to temp-block "[EMAIL PROTECTED]"
The main pitfalls are mailinglists in such a secenario.
Forwarders, poorly configured MTA should not be affected this way.
They are only affected for the specific sender.
For instance [EMAIL PROTECTED] would be blocked,
[EMAIL PROTECTED] would not be blocked.
I would appreciate scenario descriptions of poisoned false positives (i.e.
intentionally blocking user xyz in a malicious way) though.
Also, the block is temporarily (in the sense of walltime, not SMTP; i.e. we
would block with 5xx for a certain amount of time/requests).
Yet, I would only crack my brain if some statistics prove, that
a reasonable amount of subsequent spam|virus would be blocked this way.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
